construqt 0.0.5 → 0.0.6
- checksums.yaml +4 -4
- data/lib/construqt/addresses.rb +121 -10
- data/lib/construqt/bgps.rb +10 -12
- data/lib/construqt/firewalls.rb +115 -16
- data/lib/construqt/flavour/ciscian/ciscian.rb +73 -93
- data/lib/construqt/flavour/ciscian/deploy_template.rb +36 -0
- data/lib/construqt/flavour/ciscian/dialect_dlink-dgs15xx.rb +62 -114
- data/lib/construqt/flavour/ciscian/dialect_hp-2510g.rb +74 -14
- data/lib/construqt/flavour/delegates.rb +9 -0
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik.rb +0 -3
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik_bgp.rb +12 -1
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik_interface.rb +32 -1
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik_result.rb +2 -0
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik_schema.rb +3 -3
- data/lib/construqt/flavour/plantuml/plantuml.rb +2 -2
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu.rb +24 -13
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_bgp.rb +16 -7
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_dns.rb +5 -5
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_firewall.rb +218 -67
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_ipsec.rb +33 -17
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_opvn.rb +5 -5
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_result.rb +77 -14
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_services.rb +77 -29
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_vrrp.rb +18 -3
- data/lib/construqt/interfaces.rb +25 -6
- data/lib/construqt/ipsecs.rb +5 -3
- data/lib/construqt/rack.rb +51 -0
- data/lib/construqt/resource.rb +25 -3
- data/lib/construqt/reverse.rb +1 -0
- data/lib/construqt/services.rb +15 -29
- data/lib/construqt/tags.rb +21 -15
- data/lib/construqt/templates.rb +17 -0
- data/lib/construqt/users.rb +4 -0
- data/lib/construqt/util.rb +1 -1
- data/lib/construqt/version.rb +1 -1
- data/lib/construqt/vlans.rb +13 -2
- data/lib/construqt.rb +2 -1
- metadata +4 -2
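--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dfe8c9a2bd8be0212520042b682cecd13e29c344
+data.tar.gz: 4a7f7d3e33653c244fa531330eeaae21a46cf238
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7714a4055290897c0db7983ee74289efa180d2ef6588fa8703dbd5404c698aef3c2d50309ccff96ecc3266c22c2da2a996872140c58a8b908f749fe1d8f60f41
+data.tar.gz: cc0afd3f1d2d6ab770199da574d80abf9c45927a9cf790232782b4cba656b6dc4c44678a930353c56f9efb65ab44770b546bd8ec74baee2e0798fdc0c91c903f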
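--- a/data/lib/construqt/addresses.rb
+++ b/data/lib/construqt/addresses.rb
@@ -18,6 +18,64 @@ module Construqt
 @network
 end
 
+
+# hier frieht die hoelle zu!!!
+class CqIpAddress
+attr_reader :ipaddr, :container
+def initialize(ipaddr, container)
+@ipaddr = ipaddr
+@container = container
+end
+def ipv4?
+@ipaddr.ipv4?
+end
+def ipv6?
+@ipaddr.ipv6?
+end
+def include?(a)
+@ipaddr.include?(a)
+end
+def prefix
+@ipaddr.prefix
+end
+def network
+@ipaddr.network
+end
+def to_i
+@ipaddr.to_i
+end
+def to_s
+@ipaddr.to_s
+end
+def to_string
+@ipaddr.to_string
+end
+def to_u32
+@ipaddr.to_u32
+end
+def first
+@ipaddr.first
+end
+def last
+@ipaddr.last
+end
+def groups
+@ipaddr.groups
+end
+def compressed
+@ipaddr.compressed
+end
+def reverse
+@ipaddr.reverse
+end
+def address
+@ipaddr.address
+end
+def netmask
+@ipaddr.netmask
+end
+end
+
 class Address
 attr_accessor :host
 attr_accessor :interface
@@ -39,7 +97,7 @@ module Construqt
 self.ips = []
 self.host = nil
 self.interface = nil
-
+@routes = []
 self.tags = []
 @loopback = @dhcpv4 = @dhcpv6 = false
 @name = nil
@@ -74,7 +132,7 @@ module Construqt
 end
 
 def tag(tag)
-self.tags
+self.tags += tag.split("#")
 self
 end
 
@@ -101,7 +159,7 @@ module Construqt
 end
 
 def add_ip(ip, region = "")
-throw "please give a ip #{ip}"
+throw "please give a ip #{ip}" if ip.nil?
 if ip
 #puts ">>>>> #{ip} #{ip.class.name}"
 if DHCPV4 == ip
@@ -111,7 +169,8 @@ module Construqt
 elsif LOOOPBACK == ip
 @loopback = true
 else
-
+throw "please give a ip #{ip} as string!" unless ip.kind_of?(String)
+(unused, ip) = self.merge_tag(ip) { |ip| CqIpAddress.new(IPAddress.parse(ip), self) }
 self.ips << ip
 end
 end
@@ -119,13 +178,51 @@ module Construqt
 self
 end
 
+
+def routes
+@routes.map do |i|
+if i.kind_of?(Route)
+i
+else
+ret = []
+[OpenStruct.new(:dsts => Construqt::Tags.ips_net(i.dst_tag, Construqt::Addresses::IPV6),
+:vias => Construqt::Tags.ips_hosts(i.via_tag, Construqt::Addresses::IPV6)),
+OpenStruct.new(:dsts => Construqt::Tags.ips_net(i.dst_tag, Construqt::Addresses::IPV4),
+:vias => Construqt::Tags.ips_hosts(i.via_tag, Construqt::Addresses::IPV4))].each do |blocks|
+next unless blocks.vias
+next unless blocks.dsts
+next if blocks.dsts.empty?
+blocks.vias.each do |via|
+blocks.dsts.each do |dst|
+ret << build_route(dst.to_string, via.to_s, i.options)
+end
+end
+end
+ret
+end
+end.flatten
+end
 # @nameservers = []
 # def add_nameserver(ip)
 # @nameservers << IPAddress.parse(ip)
 # self
 # end
+#
+#
+class TagRoute
+attr_reader :dst_tag, :via_tag, :options
+def initialize(dst_tag, via_tag, options)
+@dst_tag = dst_tag
+@via_tag = via_tag
+@options = options
+end
+end
+
+def add_route_from_tags(dst_tags, src_tags, options = {})
+@routes << TagRoute.new(dst_tags, src_tags, options)
+self
+end
 
-attr_accessor :routes
 def add_routes(addr_s, via, options = {})
 addrs = addr_s.kind_of?(Array) ? addr_s : [addr_s]
 addrs.each do |addr|
@@ -141,9 +238,20 @@ module Construqt
 self
 end
 
-
+class Route
+attr_reader :dst, :via, :type, :metric, :routing_table
+def initialize(dst, via, type, metric, routing_table)
+@dst = dst
+@via = via
+@type = type
+@metric = metric
+@routing_table = routing_table
+end
+end
+
+def build_route(dst, via, option = {})
 #puts "DST => "+dst.class.name+":"+dst.to_s
-(unused, dst) = self.merge_tag(dst) { |dst| IPAddress.parse(dst) }
+(unused, dst) = self.merge_tag(dst) { |dst| CqIpAddress.new(IPAddress.parse(dst), self) }
 metric = option['metric']
 if via == UNREACHABLE
 via = nil
@@ -152,14 +260,17 @@ module Construqt
 if via.nil?
 via = nil
 else
-via = IPAddress.parse(via)
+(unused, via) = self.merge_tag(via) { |via| CqIpAddress.new(IPAddress.parse(via), self) }
 throw "different type #{dst} #{via}" unless dst.ipv4? == via.ipv4? && dst.ipv6? == via.ipv6?
 end
-
 type = nil
 end
+Route.new(dst, via, type, metric, option["routing-table"])
+end
 
-
+
+def add_route(dst, via, option = {})
+@routes << build_route(dst, via, option)
 self
 end
 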
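Review bot: CqIpAddress (new lines 23-77) forwards a fixed set of readers to the wrapped IPAddress but not `==`, `eql?`, `hash` or `<=>`, so two wrappers around the same address compare unequal and `uniq`, Hash keys and `sort` treat them as distinct, which the raw IPAddress values that build_route and add_ip used to produce did not; any caller that compares or de-duplicates addresses will see that change. If such callers exist, delegate equality to the inner object as below. The comment `# hier frieht die hoelle zu!!!` says nothing about the class; `# Wraps an IPAddress and keeps a back-reference to the Address (container) it belongs to` would. `add_route_from_tags(dst_tags, src_tags, options = {})` stores its second argument as via_tag, so `src_tags` is a misleading name for a next hop; `via_tags` would match TagRoute.
```ruby
class CqIpAddress
  attr_reader :ipaddr, :container
  # … unchanged: initialize and the delegating readers …
  def ==(other)
    @ipaddr == (other.respond_to?(:ipaddr) ? other.ipaddr : other)
  end
  alias_method :eql?, :==
  def hash
    @ipaddr.hash
  end
end
```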
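--- a/data/lib/construqt/bgps.rb
+++ b/data/lib/construqt/bgps.rb
@@ -90,23 +90,19 @@ module Construqt
 def addr_v_(cfg)
 [OpenStruct.new({:code=>4, :is? => lambda {|i| i.ipv4? }, :max_prefix=>32}),
 OpenStruct.new({:code=>6, :is? => lambda {|i| i.ipv6? }, :max_prefix=>128})].each do |family|
-
-next unless
+addrs = cfg["addr_v#{family.code}"]
+next unless addrs
 cfg.delete("addr_v#{family.code}")
 addr_sub_prefix = cfg['addr_sub_prefix']
 cfg.delete('addr_sub_prefix')
+throw "addrs must be array" unless addrs.kind_of?([].class)
 #puts addr.inspect
-
-
-
-
-
-cfg = { 'network' => network }.merge(cfg)
-cfg['prefix_length'] = [net.prefix,family.max_prefix] if addr_sub_prefix
-@list << cfg
-end
+addrs.each do |net|
+next unless family.is?.call(net)
+out = ({ 'network' => Construqt::Addresses::Address.new.add_ip(net.to_string) }).merge(cfg)
+out['prefix_length'] = [net.prefix,family.max_prefix] if addr_sub_prefix
+@list << out
 end
-
 nil
 end
 end
@@ -115,6 +111,7 @@ module Construqt
 cfg = {}.merge(cfg)
 cfg['rule'] = 'accept'
 addr_v_(cfg)
+throw "we need a network attribute" unless cfg['network']
 @list << cfg if cfg['network']
 end
 
@@ -122,6 +119,7 @@ module Construqt
 cfg = {}.merge(cfg)
 cfg['rule'] = 'reject'
 addr_v_(cfg)
+throw "we need a network attribute" unless cfg['network']
 @list << cfg if cfg['network']
 end
 end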
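Review bot: The `throw "we need a network attribute" unless cfg['network']` added after `addr_v_(cfg)` in both the accept and the reject hunk fires on the addr_v4/addr_v6 path: addr_v_ pushes one entry per address into @list and returns nil without ever setting cfg['network'] in the visible code, so a caller that supplies addr_v4/addr_v6 instead of network now gets its entries added and then an uncaught throw. Unless addr_v_ is meant to leave 'network' set (nothing in the hunk does), move the check before the call and accept either form, e.g. `throw "we need a network or addr_v4/addr_v6 attribute" unless cfg['network'] || cfg['addr_v4'] || cfg['addr_v6']`, and keep `@list << cfg if cfg['network']` as the guard. In the first hunk, `addrs.kind_of?([].class)` is just `addrs.kind_of?(Array)`, and these are `throw`s with no enclosing `catch` used as `raise`; `raise ArgumentError, "addrs must be array"` says what is meant without the UncaughtThrowError wrapper. The accept and reject methods start outside their hunks.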
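--- a/data/lib/construqt/firewalls.rb
+++ b/data/lib/construqt/firewalls.rb
@@ -9,6 +9,56 @@ module Construqt
 DROP = :DROP
 end
 
+module ICMP
+PingRequest = :ping_request
+end
+
+module FromToNetAddr
+def from_net_addr(*adr)
+@from_net_addr ||= []
+@from_net_addr += adr
+self
+end
+def get_from_net_addr
+@from_net_addr || []
+end
+
+def to_net_addr(*adr)
+@to_net_addr ||= []
+@to_net_addr += adr
+self
+end
+def get_to_net_addr
+@to_net_addr || []
+end
+end
+
+module InputOutputOnly
+# the big side effect
+
+def input_only?
+(!@set && true) || @input_only
+end
+
+def output_only?
+(!@set && true) || @output_only
+end
+
+def input_only
+@set = true
+@input_only = true
+@output_only = false
+self
+end
+
+def output_only
+@set = true
+@input_only = false
+@output_only = true
+self
+end
+end
+
 class Firewall
 def initialize(name)
 @name = name
@@ -16,6 +66,26 @@ module Construqt
 @nat = Nat.new(self)
 @forward = Forward.new(self)
 @host = Host.new(self)
+@ipv4 = true
+@ipv6 = true
+end
+
+def ipv4?
+@ipv4
+end
+def only_ipv4
+@ipv4 = true
+@ipv6 = false
+self.clone
+end
+
+def ipv6?
+@ipv6
+end
+def only_ipv6
+@ipv4 = false
+@ipv6 = true
+self.clone
 end
 
 def name
@@ -31,17 +101,19 @@ module Construqt
 
 class RawEntry
 include Util::Chainable
-
-
-chainable_attr :
-chainable_attr :
+include FromToNetAddr
+include InputOutputOnly
+chainable_attr :prerouting, true, false, lambda{|i| @output = false; input_only }
+chainable_attr :output, true, false, lambda {|i| @prerouting = false; output_only }
 chainable_attr :interface
-chainable_attr :
+chainable_attr :from_my_net, true, false
+chainable_attr :to_my_net, true, false
 chainable_attr_value :from_net, nil
 chainable_attr_value :to, nil
 chainable_attr_value :to_net, nil
 chainable_attr_value :action, nil
 
+
 def initialize
 @from_is = nil
 end
@@ -54,6 +126,7 @@ module Construqt
 end
 def from_is(direction)
 @from_is = direction
+self
 end
 end
 
@@ -86,16 +159,32 @@ module Construqt
 
 class NatEntry
 include Util::Chainable
-
-
-chainable_attr :
-chainable_attr :output_only
+include FromToNetAddr
+include InputOutputOnly
+chainable_attr :prerouting, true, false, lambda{|i| @postrouting = false; input_only }
+chainable_attr :postrouting, true, false, lambda{|i| @prerouting = false; output_only }
 chainable_attr :to_source
 chainable_attr :interface
-chainable_attr :
+chainable_attr :from_my_net, true, false
+chainable_attr :to_my_net, true, false
 chainable_attr_value :from_net, nil
 chainable_attr_value :to_net, nil
 chainable_attr_value :action, nil
+
+def initialize
+@from_is = nil
+end
+
+def from_is_inbound?
+@from_is == :inbound
+end
+def from_is_outbound?
+@from_is == :outbound
+end
+def from_is(direction)
+@from_is = direction
+self
+end
 end
 
 def add
@@ -136,17 +225,26 @@ module Construqt
 
 class ForwardEntry
 include Util::Chainable
+include FromToNetAddr
+include InputOutputOnly
+
 chainable_attr :interface
 chainable_attr :connection
-chainable_attr :
-chainable_attr :
-chainable_attr :
+chainable_attr :from_my_net, true, false
+chainable_attr :to_my_net, true, false
+chainable_attr :from_route, true, false
 chainable_attr :connection
+chainable_attr :link_local
+chainable_attr :icmp
+chainable_attr :esp
+chainable_attr :ah
 chainable_attr :tcp
 chainable_attr :udp
+chainable_attr :type, nil
 chainable_attr_value :log, nil
 chainable_attr_value :from_net, nil
 chainable_attr_value :to_net, nil
+chainable_attr_value :to_host, nil
 chainable_attr_value :action, nil
 
 def initialize
@@ -161,6 +259,7 @@ module Construqt
 end
 def from_is(direction)
 @from_is = direction
+self
 end
 
 def port(port)
@@ -198,9 +297,9 @@ module Construqt
 end
 
 class HostEntry < Forward::ForwardEntry
-include Util::Chainable
-
-
+#include Util::Chainable
+alias_method :from_me, :from_my_net
+alias_method :to_me, :to_my_net
 end
 
 def add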
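Review bot: `only_ipv4` and `only_ipv6` (new lines 76-88) assign @ipv4/@ipv6 on the receiver and only then return `self.clone`, so the original Firewall is switched to single-stack as well as the copy; if the intent is to hand out a restricted view while the original stays dual-stack, set the flags on the clone instead, as below. The clone is shallow, so it still shares @nat, @forward and @host with the original, and those were built with `Nat.new(self)` etc. in initialize, so they presumably keep pointing at the original firewall — worth confirming they do not consult ipv4?/ipv6? through that reference. In InputOutputOnly, `(!@set && true) || @input_only` is just `!@set || @input_only`, and `# the big side effect` would say more as `# until input_only or output_only is called both predicates answer true, i.e. the entry applies in both directions`. Firewall#initialize starts in the first hunk and continues into the second; the surrounding class runs beyond both.
```ruby
def only_ipv4
  restricted = self.clone
  restricted.instance_variable_set(:@ipv4, true)
  restricted.instance_variable_set(:@ipv6, false)
  restricted
end
# … unchanged: ipv6? …
def only_ipv6
  restricted = self.clone
  restricted.instance_variable_set(:@ipv4, false)
  restricted.instance_variable_set(:@ipv6, true)
  restricted
end
```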